render-oss/render-postgres
skills/render-postgres/SKILL.md
Sets up and optimizes Managed PostgreSQL on Render—connection strings (internal vs external), creation constraints, storage autoscaling, connection limits, high availability, read replicas, backups, and MCP inspection. Use when the user mentions Postgres, PostgreSQL, Render database, connection string, DATABASE_URL, backups, snapshots, replicas, HA, disk storage, connection pooling, or troubleshooting DB connectivity.
$ install --global
skillsauthnpx skillsauth add render-oss/skills render-postgresInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 1, 2026, 7:00 AM268.9s5 files scanned
SKILL.md
- name:
- render-postgres
- description:
- >-
- license:
- MIT
- compatibility:
- Render Managed Postgres (any plan)
- author:
- Render
- version:
- 1.0.0
- category:
- data
Render Managed PostgreSQL
This skill covers Managed Postgres on Render: how to connect, what cannot change after creation, storage behavior, limits, HA, replicas, and safe deletion. Deep dives live under references/.
When to Use
Apply this skill when the user:
- Configures Postgres for an app on Render (URLs, TLS, pooling)
- Creates or changes a database, plan, disk, or replicas
- Asks about backups, PITR, exports, or deleting a database
- Hits connection limits, SSL errors, or latency between services and DB
- Authors Blueprint
databases/readReplicasor wiresfromDatabase
For deploy flows and Blueprint basics, see render-deploy and render-blueprints. For private networking between services, see render-networking. For env var patterns, see render-env-vars.
Connection Patterns
Render exposes two connection URLs for the same logical database:
| URL | Use when | TLS | |-----|----------|-----| | Internal | App or service on Render in the same region and workspace | Not required (private network) | | External | Local development, CI, or tools outside Render | Required (TLS 1.2+) |
Always prefer the internal URL for Render-hosted apps so traffic stays on Render’s network and avoids extra latency and public egress patterns.
- IP allow list applies to external access only. Same-region Render services use the internal URL regardless of the allow list.
- External clients must use TLS; misconfigured clients often show SSL handshake or
sslmodeerrors.
URL formats, Dashboard locations, Blueprint fromDatabase, pooling, and common mistakes: references/connection-guide.md.
Creation and Setup
- Instance display name: Can be changed later (where the Dashboard allows renaming the resource).
- Immutable after creation:
databaseName, database user, region, PostgreSQL major version. Plan these before create; changing them requires a new database and migration. - Storage size: 1 GB or multiples of 5 GB when provisioning.
Wire apps with Blueprint fromDatabase using property: connectionString (or host, port, user, password, database individually). See render-blueprints.
Multiple logical databases
You can run CREATE DATABASE new_db; in psql on the same instance. Host, port, and credentials stay the same; only the database name in the URL path changes (e.g. .../myapp vs .../new_db).
Storage Management
- Autoscaling: When disk use reaches roughly ~90%, Render can grow storage by about ~50%, rounded up to the next 5 GB multiple, up to 16 TB max.
- Cannot shrink disk after an increase.
- Cooldown: After a storage increase, you cannot increase again for 12 hours.
- Over limit / unhealthy: If disk is over the configured limit, the database can become unhealthy; Render may suspend it until resolved.
Monitor disk and plan exports or cleanup before you hit hard limits. Backup and restore options: references/backup-and-recovery.md.
Connection Limits
Maximum connections depend on instance RAM (current-generation plans):
| RAM | Max connections (typical) | |-----|---------------------------| | Under 8 GB | 100 | | 8 GB | 200 | | 16 GB | 300 | | 32 GB and above | 500 |
Legacy database plans may have lower limits; confirm in the Dashboard or API for the specific plan.
Render does not provide a built-in pooler; use application-side pooling (framework pools, PgBouncer, pgpool, etc.). Limits are hard—exhausting them causes connection errors. More detail: references/connection-guide.md and references/performance-tuning.md.
High Availability
High availability (HA) is available when:
- Workspace is Professional or higher, and
- Database plan is Pro or higher, and
- PostgreSQL 13+
Instance type changes cause brief downtime. With HA, downtime is typically less than without HA (often on the order of minutes without HA—exact duration depends on plan and operation).
One-way migration off legacy types: After moving to current-generation instance types, you cannot move back to legacy instance types.
Read Replicas
- Up to 5 read replicas per database.
- In Blueprints, declare replicas under
readReplicasas a list of names. - CAUTION — declarative sync:
- An empty
readReplicaslist can destroy all existing replicas. - Name mismatches between the Blueprint and live replicas can create new replicas and remove replicas whose names are no longer listed.
- An empty
Always treat readReplicas as authoritative desired state, not additive-only.
Useful MCP Commands
Use the Render MCP tools (names may vary slightly by integration; align with your server’s tool list):
| Goal | Tool / pattern |
|------|----------------|
| List databases | list_postgres_instances |
| Instance details | get_postgres with postgresId |
| Read-only SQL | query_render_postgres with postgresId and sql |
| Connection load | get_metrics with resourceId (Postgres ID) and metricTypes: ["active_connections"] |
query_render_postgres runs in a read-only transaction and opens a new connection per query—do not use it as a substitute for app pooling.
Shorthand (same tools): list_postgres_instances(), get_postgres(postgresId), query_render_postgres(postgresId, sql), get_metrics(resourceId, metricTypes: ["active_connections"]).
Deleting and Data Safety
- Backups and snapshots are not retained after you delete the database. Export first (
pg_dump, Dashboard restore workflow from existing backups, etc.). - Before destructive actions, confirm retention and recovery paths in
references/backup-and-recovery.md.
References
| Document | Contents |
|----------|----------|
| references/connection-guide.md | Internal vs external URLs, SSL, allow list, Blueprint wiring, pooling, multi-database URLs, troubleshooting |
| references/backup-and-recovery.md | Snapshots, PITR, pg_dump / pg_restore, restore flows, deletion, cross-region |
| references/performance-tuning.md | pg_stat_statements, indexes, bloat, EXPLAIN ANALYZE, metrics, scaling |
Related Skills
- render-deploy — End-to-end deploy, services, and MCP/Dashboard flows
- render-blueprints —
databases,fromDatabase,readReplicas, immutable fields - render-networking — Private services, regions, and how traffic routes between resources
- render-env-vars — Storing
DATABASE_URLand secret wiring patterns
Related Skills
render-oss/render-web-services
development
VerifiedTrustedCommunity
Configures Render web services—port binding, TLS, health checks, custom domains, auto-deploy, PR previews, persistent disks, and deploy lifecycle. Use when the user needs to set up a web service, fix health check failures, add a custom domain, configure zero-downtime deploys, or troubleshoot port binding issues.
44SKILL.mdUpdated Apr 30, 2026
render-oss/render-static-sites
development
VerifiedTrustedCommunity
Deploys and configures static sites on Render's global CDN—build commands, publish paths, SPA routing, redirects, custom headers, and PR previews. Use when the user needs to deploy a static site, set up a React/Vue/Hugo/Gatsby frontend, configure SPA fallback routing, add redirect rules, customize response headers, or choose between a static site and a web service for their frontend. Trigger terms: static site, CDN, SPA, single-page app, React deploy, Vue deploy, Hugo, Gatsby, Docusaurus, Jekyll, staticPublishPath.
44SKILL.mdUpdated Apr 30, 2026
render-oss/render-scaling
tools
VerifiedTrustedCommunity
Scales Render services—configures autoscaling targets, chooses instance types, sets manual instance counts, and optimizes cost. Use when the user needs to handle more traffic, set up autoscaling, pick the right instance type, reduce costs, or troubleshoot scaling behavior like slow scale-down or stuck instances.
44SKILL.mdUpdated Apr 30, 2026
render-oss/render-private-services
development
VerifiedTrustedCommunity
Configures Render private services—internal-only apps that accept traffic exclusively from other Render services over the private network. Use when the user needs an internal API, microservice, gRPC server, sidecar, or any service that should not be publicly accessible. Also use when choosing between a private service and a background worker. Trigger terms: private service, pserv, internal service, internal API, microservice, gRPC, not public, private network service.
44SKILL.mdUpdated Apr 30, 2026